EIP-2026-113019

PRE-CVE

vBulletin ChangUonDyU Advanced Statistics - SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113019. PoCs published by Juno_okyo.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in vBulletin's ChangUonDyU Advanced Statistics plugin via the 'listforumid' parameter in ajax.php. The PoC includes crafted UNION SELECT queries to extract database information and user credentials.

Description

vBulletin ChangUonDyU Advanced Statistics - SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by Juno_okyo · textwebappsphp
https://www.exploit-db.com/exploits/22429

This exploit demonstrates a SQL injection vulnerability in vBulletin's ChangUonDyU Advanced Statistics plugin via the 'listforumid' parameter in ajax.php. The PoC includes crafted UNION SELECT queries to extract database information and user credentials.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: vBulletin 3 & 4 with ChangUonDyU Advanced Statistics plugin
No auth needed
Prerequisites: Access to the target's ajax.php endpoint
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026